Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/Gv_wNpXfpWq-q_UPRh3AwBy396o.roa
File:                     Gv_wNpXfpWq-q_UPRh3AwBy396o.roa (raw, json)
Hash identifier:          mb+6Z361/RYrR2bM4P/XCXIcCPG1uTGsxi5EGv9l1NI=
Subject key identifier:   1A:FF:F0:36:95:DF:A5:6A:BE:AB:F5:0F:46:1D:C0:C0:1C:B7:F7:AA
Certificate issuer:       /CN=97102c693af3a090f8f94ba1fd082db0924eaf12
Certificate serial:       019B797F070A9D13A35C6191F7EB5C8B0DD4
Authority key identifier: 97:10:2C:69:3A:F3:A0:90:F8:F9:4B:A1:FD:08:2D:B0:92:4E:AF:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/Gv_wNpXfpWq-q_UPRh3AwBy396o.roa
Signing time:             Thu 01 Jan 2026 12:18:46 +0000
ROA not before:           Thu 01 Jan 2026 12:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203696
IP address blocks:        2001:67c:196c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:07:0a:9d:13:a3:5c:61:91:f7:eb:5c:8b:0d:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97102c693af3a090f8f94ba1fd082db0924eaf12
        Validity
            Not Before: Jan  1 12:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1afff03695dfa56abeabf50f461dc0c01cb7f7aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4f:85:dc:29:40:bf:dd:73:b3:64:06:02:ee:
                    48:44:fa:98:3d:ab:10:76:a5:f7:6b:55:35:82:d7:
                    b9:9e:07:95:82:c4:b3:57:5e:28:40:42:6b:5e:54:
                    96:2b:cd:9a:b9:ce:46:4a:33:5d:35:f6:49:4c:58:
                    1c:20:e6:3f:d4:18:98:1f:d5:65:85:fd:ac:9d:11:
                    a0:c6:45:18:2e:75:f1:27:bb:83:52:ec:05:01:fe:
                    92:a9:43:8b:68:24:09:42:ec:e3:56:be:4d:e4:98:
                    d8:79:bd:38:c1:a2:b8:b0:f1:a9:9d:7f:d7:76:c0:
                    81:cf:2e:86:bf:c2:b7:9c:16:a3:b5:9a:97:3b:06:
                    0e:0e:b1:27:b8:c3:51:9d:b8:95:1c:99:5e:85:3c:
                    52:21:c9:6d:b7:84:6b:a9:32:94:08:b4:64:61:32:
                    9c:58:b5:16:56:8d:69:de:b7:e8:17:eb:20:c0:2d:
                    ef:01:77:4e:a8:76:a4:2c:05:d4:2f:c7:ed:03:a9:
                    eb:c3:32:c5:11:cd:95:20:42:a4:b7:19:65:1a:f5:
                    77:b8:58:d2:0f:ba:b3:48:f2:fb:5a:ea:76:9a:9d:
                    b8:73:3c:1c:ac:67:75:f5:75:8c:56:cf:ee:bb:28:
                    61:e5:91:68:81:83:a8:46:fd:22:3e:50:bc:aa:4b:
                    7b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:FF:F0:36:95:DF:A5:6A:BE:AB:F5:0F:46:1D:C0:C0:1C:B7:F7:AA
            X509v3 Authority Key Identifier:
                keyid:97:10:2C:69:3A:F3:A0:90:F8:F9:4B:A1:FD:08:2D:B0:92:4E:AF:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/Gv_wNpXfpWq-q_UPRh3AwBy396o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:196c::/48

    Signature Algorithm: sha256WithRSAEncryption
         c1:b5:d7:83:1e:e9:7e:ca:91:a4:90:89:a4:79:1a:d4:c6:29:
         71:d6:bf:8e:87:27:2d:ec:fc:10:db:78:24:35:cf:8a:70:75:
         42:32:e2:77:9b:cb:bc:28:5a:82:69:24:e8:ae:f7:50:1e:95:
         c2:2c:7e:1a:3d:cb:27:9d:75:50:98:80:e9:82:aa:6c:5a:5c:
         ad:b5:07:27:6d:e5:d0:a7:eb:e8:e6:d3:ea:a2:b1:3e:bd:3c:
         e3:e8:47:94:46:de:77:73:fa:f3:e0:51:f2:fe:b5:35:41:1b:
         18:11:77:b3:87:b2:fa:08:13:ae:db:9a:fc:cb:f7:47:5f:af:
         bf:7c:f1:6b:2b:0c:a9:92:90:ac:f9:71:11:b1:5e:72:9b:92:
         21:4e:c8:5c:96:de:29:ce:18:02:9a:7c:a5:09:7f:fd:b4:fd:
         4b:fa:cd:ce:09:93:62:42:f8:12:c3:80:03:bb:95:99:29:c6:
         bb:76:83:93:cf:e8:27:eb:3c:ca:1e:23:a1:2a:54:7f:4d:61:
         1f:59:c9:fc:79:ed:41:49:37:cf:9b:8c:28:e9:41:9f:02:d6:
         59:92:55:f5:4d:f6:e5:05:75:26:d3:ea:e5:df:8e:8d:f5:a0:
         9e:d7:7e:a3:40:3d:ce:31:a9:0f:17:15:80:22:37:92:e4:c6:
         d4:fa:6e:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5fwcKnROjXGGR9+tciw3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MTAyYzY5M2FmM2EwOTBmOGY5NGJhMWZkMDgyZGIwOTI0
ZWFmMTIwHhcNMjYwMTAxMTIxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWZmZjAzNjk1ZGZhNTZhYmVhYmY1MGY0NjFkYzBjMDFjYjdmN2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzU+F3ClAv91zs2QGAu5IRPqYPasQ
dqX3a1U1gte5ngeVgsSzV14oQEJrXlSWK82auc5GSjNdNfZJTFgcIOY/1BiYH9Vl
hf2snRGgxkUYLnXxJ7uDUuwFAf6SqUOLaCQJQuzjVr5N5JjYeb04waK4sPGpnX/X
dsCBzy6Gv8K3nBajtZqXOwYODrEnuMNRnbiVHJlehTxSIcltt4RrqTKUCLRkYTKc
WLUWVo1p3rfoF+sgwC3vAXdOqHakLAXUL8ftA6nrwzLFEc2VIEKktxllGvV3uFjS
D7qzSPL7Wup2mp24czwcrGd19XWMVs/uuyhh5ZFogYOoRv0iPlC8qkt7UQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBr/8DaV36Vqvqv1D0YdwMAct/eqMB8GA1UdIwQY
MBaAFJcQLGk686CQ+PlLof0ILbCSTq8SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHhBc2FUcnpvSkQ0LVV1aF9RZ3RzSkpPcnhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS84ZGRhNDgtZTg0Yi00Y2E3LWFhZjQt
ZjUzZWY1MjFkYmUwLzEvR3Zfd05wWGZwV3EtcV9VUFJoM0F3QnkzOTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS84ZGRhNDgtZTg0Yi00Y2E3LWFhZjQtZjUzZWY1MjFkYmUw
LzEvbHhBc2FUcnpvSkQ0LVV1aF9RZ3RzSkpPcnhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBls
MA0GCSqGSIb3DQEBCwUAA4IBAQDBtdeDHul+ypGkkImkeRrUxilx1r+Ohyct7PwQ
23gkNc+KcHVCMuJ3m8u8KFqCaSTorvdQHpXCLH4aPcsnnXVQmIDpgqpsWlyttQcn
beXQp+vo5tPqorE+vTzj6EeURt53c/rz4FHy/rU1QRsYEXezh7L6CBOu25r8y/dH
X6+/fPFrKwypkpCs+XERsV5ym5IhTshclt4pzhgCmnylCX/9tP1L+s3OCZNiQvgS
w4ADu5WZKca7doOTz+gn6zzKHiOhKlR/TWEfWcn8ee1BSTfPm4wo6UGfAtZZklX1
TfblBXUm0+rl346N9aCe136jQD3OMakPFxWAIjeS5MbU+m6s
-----END CERTIFICATE-----